Connect to AWS for threat detection

Certain threat investigation capabilities in the Enterprise tier of Security Command Center are powered by Google Security Operations, including curated detections which enable you to identify patterns in both Google Cloud and AWS data.

If you plan to use curated detections, make sure to review information about supported log types. Each rule set requires certain data to function as designed, including one or more of the following:

  • AWS CloudTrail logs
  • AWS GuardDuty
  • AWS VPC Flow
  • AWS CloudWatch
  • AWS Security Hub
  • AWS context data about hosts, services, VPC, and users

To use these curated detections, you must ingest AWS data to Google Security Operations, and then enable the curated detection rules. For information about how to configure the ingestion of the AWS data, see Ingest AWS logs into Google Security Operations in the Google SecOps documentation. For information about how to enable curated detection rules, see Use curated detections to identify threats in the Google SecOps documentation.